Vulnerabilities > CVE-2009-2698 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
suse
fedoraproject
redhat
vmware
CWE-476
nessus
exploit available

Summary

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

Vulnerable Configurations

Part Description Count
OS
Linux
749
OS
Canonical
4
OS
Suse
3
OS
Fedoraproject
1
OS
Redhat
9
OS
Vmware
1
Application
Vmware
1

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionLinux Kernel < 2.6.19 udp_sendmsg Local Root Exploit. CVE-2009-2698. Local exploit for linux platform
    idEDB-ID:9575
    last seen2016-02-01
    modified2009-09-02
    published2009-09-02
    reporterAndi
    sourcehttps://www.exploit-db.com/download/9575/
    titleLinux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
  • descriptionLinux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit. CVE-2009-2698. Local exploit for linux platform
    idEDB-ID:9542
    last seen2016-02-01
    modified2009-08-31
    published2009-08-31
    reporterINetCop Security
    sourcehttps://www.exploit-db.com/download/9542/
    titleLinux Kernel 2.6 < 2.6.19 - 32-bit ip_append_data ring0 Root Exploit

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1233.NASL
    descriptionUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40795
    published2009-08-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40795
    titleRHEL 3 : kernel (RHSA-2009:1233)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1233. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40795);
      script_version ("1.30");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038, 36108);
      script_xref(name:"RHSA", value:"2009:1233");
    
      script_name(english:"RHEL 3 : kernel (RHSA-2009:1233)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues are now available
    for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    All Red Hat Enterprise Linux 3 users should upgrade to these updated
    packages, which contain backported patches to resolve these issues.
    The system must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1233"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-2692", "CVE-2009-2698");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2009:1233");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1233";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"kernel-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-doc-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-hugemem-unsupported-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i686", reference:"kernel-smp-unsupported-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-source-2.4.21-60.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"kernel-unsupported-2.4.21-60.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
      }
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0023.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - backport for online resize of blockdev [orabug 8585251] [rh bugz 444964] - CVE-2009-2692 - [net] make sock_sendpage use kernel_sendpage (Jiri Pirko) [517445 516955] - CVE-2009-2698 - [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043] - Updated cciss module to 3.6.20 - update bnx2x 1.48.107 - update bnx2 1.8.8b - update bfa to 1.1.0.9-0 [bugz 9518] - Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug 7634343]
    last seen2020-06-01
    modified2020-06-02
    plugin id79465
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79465
    titleOracleVM 2.1 : kernel (OVMSA-2009-0023)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2009-0023.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79465);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038, 36108);
    
      script_name(english:"OracleVM 2.1 : kernel (OVMSA-2009-0023)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - backport for online resize of blockdev [orabug 8585251]
        [rh bugz 444964]
    
      - CVE-2009-2692 - [net] make sock_sendpage use
        kernel_sendpage (Jiri Pirko) [517445 516955]
    
      - CVE-2009-2698 - [net] prevent null pointer dereference
        in udp_sendmsg (Vitaly Mayatskikh) [518047 518043]
    
      - Updated cciss module to 3.6.20 
    
      - update bnx2x 1.48.107 
    
      - update bnx2 1.8.8b 
    
      - update bfa to 1.1.0.9-0 [bugz 9518]
    
      - Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug
        7634343]"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2009-October/000033.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dfbb8f44"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-BOOT-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-ovs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.1", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.1", reference:"kernel-BOOT-2.6.18-8.1.15.6.2.el5")) flag++;
    if (rpm_check(release:"OVS2.1", reference:"kernel-BOOT-devel-2.6.18-8.1.15.6.2.el5")) flag++;
    if (rpm_check(release:"OVS2.1", reference:"kernel-kdump-2.6.18-8.1.15.6.2.el5")) flag++;
    if (rpm_check(release:"OVS2.1", reference:"kernel-kdump-devel-2.6.18-8.1.15.6.2.el5")) flag++;
    if (rpm_check(release:"OVS2.1", reference:"kernel-ovs-2.6.18-8.1.15.6.2.el5")) flag++;
    if (rpm_check(release:"OVS2.1", reference:"kernel-ovs-devel-2.6.18-8.1.15.6.2.el5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-BOOT / kernel-BOOT-devel / kernel-kdump / kernel-kdump-devel / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090827_KERNEL_ON_SL3_X.NASL
    descriptionCVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc CVE-2009-2698 kernel: udp socket NULL ptr dereference These updated packages fix the following security issues : - a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) - a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60648
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60648
    titleScientific Linux Security Update : kernel on SL3.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60648);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
    
    CVE-2009-2698 kernel: udp socket NULL ptr dereference
    
    These updated packages fix the following security issues :
    
      - a flaw was found in the SOCKOPS_WRAP macro in the Linux
        kernel. This macro did not initialize the sendpage
        operation in the proto_ops structure correctly. A local,
        unprivileged user could use this flaw to cause a local
        denial of service or escalate their privileges.
        (CVE-2009-2692, Important)
    
      - a flaw was found in the udp_sendmsg() implementation in
        the Linux kernel when using the MSG_MORE flag on UDP
        sockets. A local, unprivileged user could use this flaw
        to cause a local denial of service or escalate their
        privileges. (CVE-2009-2698, Important)
    
    The system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-errata&T=0&P=2584
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fae1e4b8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"kernel-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", reference:"kernel-doc-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", cpu:"i386", reference:"kernel-hugemem-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", reference:"kernel-smp-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", reference:"kernel-smp-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", reference:"kernel-source-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"SL3", reference:"kernel-unsupported-2.4.21-60.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1233.NASL
    descriptionFrom Red Hat Security Advisory 2009:1233 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67917
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67917
    titleOracle Linux 3 : kernel (ELSA-2009-1233)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1233 and 
    # Oracle Linux Security Advisory ELSA-2009-1233 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67917);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038, 36108);
      script_xref(name:"RHSA", value:"2009:1233");
    
      script_name(english:"Oracle Linux 3 : kernel (ELSA-2009-1233)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1233 :
    
    Updated kernel packages that fix two security issues are now available
    for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    All Red Hat Enterprise Linux 3 users should upgrade to these updated
    packages, which contain backported patches to resolve these issues.
    The system must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-August/001133.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-2692", "CVE-2009-2698");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2009-1233");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.4";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-BOOT-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-BOOT-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-doc-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-doc-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-doc-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-hugemem-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-smp-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-source-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-source-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-source-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"i386", reference:"kernel-unsupported-2.4.21-60.0.0.0.1.EL")) flag++;
    if (rpm_exists(release:"EL3", rpm:"kernel-unsupported-2.4.21") && rpm_check(release:"EL3", cpu:"x86_64", reference:"kernel-unsupported-2.4.21-60.0.0.0.1.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1222.NASL
    descriptionFrom Red Hat Security Advisory 2009:1222 : Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running
    last seen2020-06-01
    modified2020-06-02
    plugin id67914
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67914
    titleOracle Linux 5 : kernel (ELSA-2009-1222)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1222 and 
    # Oracle Linux Security Advisory ELSA-2009-1222 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67914);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038);
      script_xref(name:"RHSA", value:"2009:1222");
    
      script_name(english:"Oracle Linux 5 : kernel (ELSA-2009-1222)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1222 :
    
    Updated kernel packages that fix two security issues and a bug are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    These updated packages also fix the following bug :
    
    * in the dlm code, a socket was allocated in tcp_connect_to_sock(),
    but was not freed in the error exit path. This bug led to a memory
    leak and an unresponsive system. A reported case of this bug occurred
    after running 'cman_tool kill -n [nodename]'. (BZ#515432)
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-August/001128.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-2692", "CVE-2009-2698");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2009-1222");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-128.7.1.0.1.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-128.7.1.0.1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6460.NASL
    descriptionThis update fixes a single critical security issues in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen2020-06-01
    modified2020-06-02
    plugin id59139
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59139
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6460)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59139);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-2698");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6460)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a single critical security issues in the SUSE Linux
    Enterprise 10 SP 2 kernel.
    
      - A missing check in the MSG_PROBE handling can be used to
        execute privileges to root. (CVE-2009-2698)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-2698.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6460.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kernel-default-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kernel-source-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kernel-syms-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-default-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-source-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-syms-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.42.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1233.NASL
    descriptionUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40808
    published2009-08-31
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40808
    titleCentOS 3 : kernel (CESA-2009:1233)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1233 and 
    # CentOS Errata and Security Advisory 2009:1233 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40808);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038, 36108);
      script_xref(name:"RHSA", value:"2009:1233");
    
      script_name(english:"CentOS 3 : kernel (CESA-2009:1233)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues are now available
    for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    All Red Hat Enterprise Linux 3 users should upgrade to these updated
    packages, which contain backported patches to resolve these issues.
    The system must be rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-August/016117.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a9b59a5a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-August/016118.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0d40178c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-BOOT");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-unsupported");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-unsupported");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-BOOT-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-doc-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-doc-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-hugemem-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-smp-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-smp-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-source-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-source-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"kernel-unsupported-2.4.21-60.EL")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"kernel-unsupported-2.4.21-60.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-BOOT / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1222.NASL
    descriptionUpdated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running
    last seen2020-06-01
    modified2020-06-02
    plugin id43777
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43777
    titleCentOS 5 : kernel (CESA-2009:1222)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1222 and 
    # CentOS Errata and Security Advisory 2009:1222 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43777);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038);
      script_xref(name:"RHSA", value:"2009:1222");
    
      script_name(english:"CentOS 5 : kernel (CESA-2009:1222)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues and a bug are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    These updated packages also fix the following bug :
    
    * in the dlm code, a socket was allocated in tcp_connect_to_sock(),
    but was not freed in the error exit path. This bug led to a memory
    leak and an unresponsive system. A reported case of this bug occurred
    after running 'cman_tool kill -n [nodename]'. (BZ#515432)
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-August/016109.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?665b237c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-August/016110.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9f2c27b2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-128.7.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-128.7.1.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1222.NASL
    descriptionUpdated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running
    last seen2020-06-01
    modified2020-06-02
    plugin id40765
    published2009-08-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40765
    titleRHEL 5 : kernel (RHSA-2009:1222)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1222. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40765);
      script_version ("1.33");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038);
      script_xref(name:"RHSA", value:"2009:1222");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2009:1222)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues and a bug are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    These updated packages also fix the following bug :
    
    * in the dlm code, a socket was allocated in tcp_connect_to_sock(),
    but was not freed in the error exit path. This bug led to a memory
    leak and an unresponsive system. A reported case of this bug occurred
    after running 'cman_tool kill -n [nodename]'. (BZ#515432)
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1222"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-2692", "CVE-2009-2698");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2009:1222");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1222";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-128.7.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-128.7.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1223.NASL
    descriptionFrom Red Hat Security Advisory 2009:1223 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67915
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67915
    titleOracle Linux 4 : kernel (ELSA-2009-1223)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1223 and 
    # Oracle Linux Security Advisory ELSA-2009-1223 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67915);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(36038);
      script_xref(name:"RHSA", value:"2009:1223");
    
      script_name(english:"Oracle Linux 4 : kernel (ELSA-2009-1223)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1223 :
    
    Updated kernel packages that fix two security issues are now available
    for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated packages fix the following security issues :
    
    * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
    macro did not initialize the sendpage operation in the proto_ops
    structure correctly. A local, unprivileged user could use this flaw to
    cause a local denial of service or escalate their privileges.
    (CVE-2009-2692, Important)
    
    * a flaw was found in the udp_sendmsg() implementation in the Linux
    kernel when using the MSG_MORE flag on UDP sockets. A local,
    unprivileged user could use this flaw to cause a local denial of
    service or escalate their privileges. (CVE-2009-2698, Important)
    
    Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the
    Google Security Team for responsibly reporting these flaws.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-August/001129.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-largesmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xenU-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2009-2692", "CVE-2009-2698");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2009-1223");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL4", rpm:"kernel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-devel-2.6.9") && rpm_check(release:"EL4", reference:"kernel-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-doc-2.6.9") && rpm_check(release:"EL4", reference:"kernel-doc-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-hugemem-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"ia64", reference:"kernel-largesmp-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-largesmp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-largesmp-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-smp-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"i386", reference:"kernel-xenU-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    if (rpm_exists(release:"EL4", rpm:"kernel-xenU-devel-2.6.9") && rpm_check(release:"EL4", cpu:"x86_64", reference:"kernel-xenU-devel-2.6.9-89.0.9.0.1.EL")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6453.NASL
    descriptionThis update fixes a single critical security issues in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen2020-06-01
    modified2020-06-02
    plugin id41541
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41541
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6453)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41541);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-2698");
    
      script_name(english:"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6453)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a single critical security issues in the SUSE Linux
    Enterprise 10 SP 2 kernel.
    
      - A missing check in the MSG_PROBE handling can be used to
        execute privileges to root. (CVE-2009-2698)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-2698.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6453.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-debug-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-default-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-smp-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-source-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-syms-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xen-2.6.16.60-0.42.5")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.42.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1457.NASL
    descriptionUpdated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id63896
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63896
    titleRHEL 5 : kernel (RHSA-2009:1457)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1457. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63896);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-1389", "CVE-2009-2692", "CVE-2009-2698");
      script_bugtraq_id(35281, 36038, 36108);
      script_xref(name:"RHSA", value:"2009:1457");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2009:1457)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues are now
    available for Red Hat Enterprise Linux 5.2 Extended Update Support.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver
    in the Linux kernel. This driver allowed interfaces using this driver
    to receive frames larger than what could be handled. This could lead
    to a remote denial of service or code execution. (CVE-2009-1389,
    Important)
    
    * Tavis Ormandy and Julien Tinnes of the Google Security Team reported
    a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did
    not initialize the sendpage operation in the proto_ops structure
    correctly. A local, unprivileged user could use this flaw to cause a
    local denial of service or escalate their privileges. (CVE-2009-2692,
    Important)
    
    * Tavis Ormandy and Julien Tinnes of the Google Security Team reported
    a flaw in the udp_sendmsg() implementation in the Linux kernel when
    using the MSG_MORE flag on UDP sockets. A local, unprivileged user
    could use this flaw to cause a local denial of service or escalate
    their privileges. (CVE-2009-2698, Important)
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-1389.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-2692.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2009-2698.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2009-1457.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel Sendpage Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-PAE-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-debug-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-debug-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-debug-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", reference:"kernel-doc-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i386", reference:"kernel-headers-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-headers-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-kdump-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-xen-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-xen-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"i686", reference:"kernel-xen-devel-2.6.18-92.1.28.el5")) flag++;
    if (rpm_check(release:"RHEL5", sp:"2", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-92.1.28.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12487.NASL
    descriptionThis update fixes a single critical security issue in the SUSE Linux Enterprise 9 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen2020-06-01
    modified2020-06-02
    plugin id41322
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41322
    titleSuSE9 Security Update : Linux kernel (YOU Patch Number 12487)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41322);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2009-2698");
    
      script_name(english:"SuSE9 Security Update : Linux kernel (YOU Patch Number 12487)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a single critical security issue in the SUSE Linux
    Enterprise 9 kernel.
    
      - A missing check in the MSG_PROBE handling can be used to
        execute privileges to root. (CVE-2009-2698)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-2698.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12487.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-bigsmp-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-debug-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-default-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-smp-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-source-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-syms-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-um-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-xen-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"kernel-xenpae-2.6.5-7.319")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"um-host-install-initrd-1.0-48.33")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"i586", reference:"um-host-kernel-2.6.5-7.319")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1223.NASL
    descriptionUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40753
    published2009-08-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40753
    titleCentOS 4 : kernel (CESA-2009:1223)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0010.NASL
    descriptiona. Service Console update for COS kernel The service console package kernel is updated to version 2.4.21-63. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.
    last seen2020-06-01
    modified2020-06-02
    plugin id47150
    published2010-06-28
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47150
    titleVMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1223.NASL
    descriptionUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id40766
    published2009-08-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40766
    titleRHEL 4 : kernel (RHSA-2009:1223)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1469.NASL
    descriptionUpdated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id63899
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63899
    titleRHEL 4 : kernel (RHSA-2009:1469)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-852-1.NASL
    descriptionSolar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883) Michael Buesch discovered that the SGI GRU driver did not correctly check the length when setting options. A local attacker could exploit this to write to the kernel stack, leading to root privilege escalation or a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584) It was discovered that SELinux did not fully implement the mmap_min_addr restrictions. A local attacker could exploit this to allocate the NULL memory page which could lead to further attacks against kernel NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected. (CVE-2009-2695) Cagri Coltekin discovered that the UDP stack did not correctly handle certain flags. A local user could send specially crafted commands and traffic to gain root privileges or crash the systeam, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-2698) Hiroshi Shimamoto discovered that monotonic timers did not correctly validate parameters. A local user could make a specially crafted timer request to gain root privileges or crash the system, leading to a denial of service. Only affected Ubuntu 9.04. (CVE-2009-2767) Michael Buesch discovered that the HPPA ISA EEPROM driver did not correctly validate positions. A local user could make a specially crafted request to gain root privileges or crash the system, leading to a denial of service. (CVE-2009-2846) Ulrich Drepper discovered that kernel signal stacks were not being correctly padded on 64-bit systems. A local attacker could send specially crafted calls to expose 4 bytes of kernel stack memory, leading to a loss of privacy. (CVE-2009-2847) Jens Rosenboom discovered that the clone method did not correctly clear certain fields. A local attacker could exploit this to gain privileges or crash the system, leading to a denial of service. (CVE-2009-2848) It was discovered that the MD driver did not check certain sysfs files. A local attacker with write access to /sys could exploit this to cause a system crash, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-2849) Mark Smith discovered that the AppleTalk stack did not correctly manage memory. A remote attacker could send specially crafted traffic to cause the system to consume all available memory, leading to a denial of service. (CVE-2009-2903) Loic Minier discovered that eCryptfs did not correctly handle writing to certain deleted files. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-2908) It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and ROSE network stacks did not correctly initialize their data structures. A local attacker could make specially crafted calls to read kernel memory, leading to a loss of privacy. (CVE-2009-3001, CVE-2009-3002) It was discovered that the randomization used for Address Space Layout Randomization was predictable within a small window of time. A local attacker could exploit this to leverage further attacks that require knowledge of userspace memory layouts. (CVE-2009-3238) Eric Paris discovered that NFSv4 did not correctly handle file creation failures. An attacker with write access to an NFSv4 share could exploit this to create files with arbitrary mode bits, leading to privilege escalation or a loss of privacy. (CVE-2009-3286) Bob Tracy discovered that the SCSI generic driver did not correctly use the right index for array access. A local attacker with write access to a CDR could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288) Jan Kiszka discovered that KVM did not correctly validate certain hypercalls. A local unprivileged attacker in a virtual guest could exploit this to crash the guest kernel, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-3290). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42209
    published2009-10-22
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42209
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-852-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090824_KERNEL_ON_SL5_X.NASL
    descriptionCVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc CVE-2009-2698 kernel: udp socket NULL ptr dereference These updated packages fix the following security issues : - a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) - a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) These updated packages also fix the following bug : - in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running
    last seen2020-06-01
    modified2020-06-02
    plugin id60646
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60646
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1872.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2698 Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service (system crash). Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. - CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. - CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. - CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). - CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops).
    last seen2020-06-01
    modified2020-06-02
    plugin id44737
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44737
    titleDebian DSA-1872-1 : linux-2.6 - denial of service/privilege escalation/information leak

Oval

  • accepted2010-08-23T04:00:08.160-04:00
    classvulnerability
    contributors
    nameChandan M C
    organizationHewlett-Packard
    definition_extensions
    commentVMware ESX Server 3.5.0 is installed
    ovaloval:org.mitre.oval:def:5887
    descriptionThe udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    familyunix
    idoval:org.mitre.oval:def:11514
    statusaccepted
    submitted2010-07-10T10:25:06.000-05:00
    titleService Console update for COS kernel
    version5
  • accepted2014-01-20T04:01:40.292-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionThe udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    familyunix
    idoval:org.mitre.oval:def:8557
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware kernel udp_sendmsg function vulnerability
    version7
  • accepted2013-04-29T04:18:18.955-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionThe udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    familyunix
    idoval:org.mitre.oval:def:9142
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    version27

Redhat

advisories
  • bugzilla
    id518034
    titleCVE-2009-2698 kernel: udp socket NULL ptr dereference
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • commentkernel earlier than 0:2.6.18-128.7.1.el5 is currently running
          ovaloval:com.redhat.rhsa:tst:20091222025
        • commentkernel earlier than 0:2.6.18-128.7.1.el5 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20091222026
      • OR
        • AND
          • commentkernel-headers is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222001
          • commentkernel-headers is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314006
        • AND
          • commentkernel-devel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222003
          • commentkernel-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314016
        • AND
          • commentkernel-xen is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222005
          • commentkernel-xen is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314018
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222007
          • commentkernel-debug-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314004
        • AND
          • commentkernel-debug is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222009
          • commentkernel-debug is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314014
        • AND
          • commentkernel-xen-devel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222011
          • commentkernel-xen-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314020
        • AND
          • commentkernel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222013
          • commentkernel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314008
        • AND
          • commentkernel-kdump is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222015
          • commentkernel-kdump is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314010
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222017
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314012
        • AND
          • commentkernel-PAE is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222019
          • commentkernel-PAE is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314024
        • AND
          • commentkernel-PAE-devel is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222021
          • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314022
        • AND
          • commentkernel-doc is earlier than 0:2.6.18-128.7.1.el5
            ovaloval:com.redhat.rhsa:tst:20091222023
          • commentkernel-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314002
    rhsa
    idRHSA-2009:1222
    released2009-08-24
    severityImportant
    titleRHSA-2009:1222: kernel security and bug fix update (Important)
  • bugzilla
    id518034
    titleCVE-2009-2698 kernel: udp socket NULL ptr dereference
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • commentkernel earlier than 0:2.6.9-89.0.9.EL is currently running
          ovaloval:com.redhat.rhsa:tst:20091223023
        • commentkernel earlier than 0:2.6.9-89.0.9.EL is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20091223024
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223001
          • commentkernel-doc is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304002
        • AND
          • commentkernel-xenU-devel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223003
          • commentkernel-xenU-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304014
        • AND
          • commentkernel-devel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223005
          • commentkernel-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304016
        • AND
          • commentkernel-smp is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223007
          • commentkernel-smp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304004
        • AND
          • commentkernel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223009
          • commentkernel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304018
        • AND
          • commentkernel-largesmp-devel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223011
          • commentkernel-largesmp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304008
        • AND
          • commentkernel-smp-devel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223013
          • commentkernel-smp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304012
        • AND
          • commentkernel-largesmp is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223015
          • commentkernel-largesmp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304010
        • AND
          • commentkernel-xenU is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223017
          • commentkernel-xenU is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304006
        • AND
          • commentkernel-hugemem-devel is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223019
          • commentkernel-hugemem-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304022
        • AND
          • commentkernel-hugemem is earlier than 0:2.6.9-89.0.9.EL
            ovaloval:com.redhat.rhsa:tst:20091223021
          • commentkernel-hugemem is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304020
    rhsa
    idRHSA-2009:1223
    released2009-08-24
    severityImportant
    titleRHSA-2009:1223: kernel security update (Important)
  • rhsa
    idRHSA-2009:1233
rpms
  • kernel-0:2.6.18-128.7.1.el5
  • kernel-PAE-0:2.6.18-128.7.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-128.7.1.el5
  • kernel-PAE-devel-0:2.6.18-128.7.1.el5
  • kernel-debug-0:2.6.18-128.7.1.el5
  • kernel-debug-debuginfo-0:2.6.18-128.7.1.el5
  • kernel-debug-devel-0:2.6.18-128.7.1.el5
  • kernel-debuginfo-0:2.6.18-128.7.1.el5
  • kernel-debuginfo-common-0:2.6.18-128.7.1.el5
  • kernel-devel-0:2.6.18-128.7.1.el5
  • kernel-doc-0:2.6.18-128.7.1.el5
  • kernel-headers-0:2.6.18-128.7.1.el5
  • kernel-kdump-0:2.6.18-128.7.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-128.7.1.el5
  • kernel-kdump-devel-0:2.6.18-128.7.1.el5
  • kernel-xen-0:2.6.18-128.7.1.el5
  • kernel-xen-debuginfo-0:2.6.18-128.7.1.el5
  • kernel-xen-devel-0:2.6.18-128.7.1.el5
  • kernel-0:2.6.9-89.0.9.EL
  • kernel-debuginfo-0:2.6.9-89.0.9.EL
  • kernel-devel-0:2.6.9-89.0.9.EL
  • kernel-doc-0:2.6.9-89.0.9.EL
  • kernel-hugemem-0:2.6.9-89.0.9.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.9.EL
  • kernel-largesmp-0:2.6.9-89.0.9.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.9.EL
  • kernel-smp-0:2.6.9-89.0.9.EL
  • kernel-smp-devel-0:2.6.9-89.0.9.EL
  • kernel-xenU-0:2.6.9-89.0.9.EL
  • kernel-xenU-devel-0:2.6.9-89.0.9.EL
  • kernel-0:2.4.21-60.EL
  • kernel-BOOT-0:2.4.21-60.EL
  • kernel-debuginfo-0:2.4.21-60.EL
  • kernel-doc-0:2.4.21-60.EL
  • kernel-hugemem-0:2.4.21-60.EL
  • kernel-hugemem-unsupported-0:2.4.21-60.EL
  • kernel-smp-0:2.4.21-60.EL
  • kernel-smp-unsupported-0:2.4.21-60.EL
  • kernel-source-0:2.4.21-60.EL
  • kernel-unsupported-0:2.4.21-60.EL
  • kernel-0:2.6.18-92.1.28.el5
  • kernel-PAE-0:2.6.18-92.1.28.el5
  • kernel-PAE-debuginfo-0:2.6.18-92.1.28.el5
  • kernel-PAE-devel-0:2.6.18-92.1.28.el5
  • kernel-debug-0:2.6.18-92.1.28.el5
  • kernel-debug-debuginfo-0:2.6.18-92.1.28.el5
  • kernel-debug-devel-0:2.6.18-92.1.28.el5
  • kernel-debuginfo-0:2.6.18-92.1.28.el5
  • kernel-debuginfo-common-0:2.6.18-92.1.28.el5
  • kernel-devel-0:2.6.18-92.1.28.el5
  • kernel-doc-0:2.6.18-92.1.28.el5
  • kernel-headers-0:2.6.18-92.1.28.el5
  • kernel-kdump-0:2.6.18-92.1.28.el5
  • kernel-kdump-debuginfo-0:2.6.18-92.1.28.el5
  • kernel-kdump-devel-0:2.6.18-92.1.28.el5
  • kernel-xen-0:2.6.18-92.1.28.el5
  • kernel-xen-debuginfo-0:2.6.18-92.1.28.el5
  • kernel-xen-devel-0:2.6.18-92.1.28.el5
  • kernel-0:2.6.9-78.0.27.EL
  • kernel-debuginfo-0:2.6.9-78.0.27.EL
  • kernel-devel-0:2.6.9-78.0.27.EL
  • kernel-doc-0:2.6.9-78.0.27.EL
  • kernel-hugemem-0:2.6.9-78.0.27.EL
  • kernel-hugemem-devel-0:2.6.9-78.0.27.EL
  • kernel-largesmp-0:2.6.9-78.0.27.EL
  • kernel-largesmp-devel-0:2.6.9-78.0.27.EL
  • kernel-smp-0:2.6.9-78.0.27.EL
  • kernel-smp-devel-0:2.6.9-78.0.27.EL
  • kernel-xenU-0:2.6.9-78.0.27.EL
  • kernel-xenU-devel-0:2.6.9-78.0.27.EL

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 36108 CVE(CAN) ID: CVE-2009-2698 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在对UDP套接字使用MSG_MORE标记时udp_sendmsg()实现中存在漏洞,本地非特权用户可以利用这个漏洞导致拒绝服务或提升权限。 Linux kernel 2.6.x 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1872-1)以及相应补丁: DSA-1872-1:New Linux 2.6.18 packages fix several vulnerabilities 链接:http://www.debian.org/security/2009/dsa-1872 补丁下载: Source archives: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.diff.gz Size/MD5 checksum: 5562205 77430d6cfab939a4d1c82fab6ab70af3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.dsc Size/MD5 checksum: 5672 733c4de16e92e78c23341c948c2b3e37 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.tar.gz Size/MD5 checksum: 59372 8f60164e762c338a2d2079eda83c9b68 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.dsc Size/MD5 checksum: 740 710f999fbfec7dbbee77d348a1dd244e http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.diff.gz Size/MD5 checksum: 21030 6d4d20763b630aa689b0b138ded756b2 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.dsc Size/MD5 checksum: 892 e4bec3b34d424dea506a3a6ed4f815e4 Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 1106754 784c53a2a3feae6160564b0f0e7dc007 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 42135958 ef71049a4dc7c64a8ca3192ad9449519 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 3756268 c5e762c82dd9167192ebe7665b00d1d7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 3755558 4e26460f729469e3bf131cb1a1dbeab8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 58560 743409764b9885dcb83c68dac363164d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb Size/MD5 checksum: 1837790 c9ae535585a5459ea473c2497d1c0ce4 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 23392288 920ff223dd59fe0eaf89a325b0f632d0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 57878 63f539fabbf66f7678decc5d8d5413da http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 3001340 abaf85bfe9ac6bd8768187e8c63677f9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 23373060 f5670bb9aaba8a44cc4f9137564490ef http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 266026 e8833203f6b9ea59666352fa0366b41f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 23752700 a83eca12e501032b09780de9ebbb82da http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 266848 8ff085c0db4e4f5c87127bdf8265e3a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 266598 4c3c20b88a233f4302922efec2fbcd74 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 23441084 ad8f9bfd39e83af48f6c4f2792eff22d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 2977784 34e9b0a84b0e15ff821d751405b4aaf1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 57912 50b2d36c2fe7566eb9f2c311e369fa2d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch4_alpha.deb Size/MD5 checksum: 267324 b71f2d4cd480a159da3c9d408f130374 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 16953840 1f0335e59b889438fd922f4bc8e01fb4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 3256334 5a9700a9b7b254a848d4f366dada4f20 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 57908 2f6eabe586bc1b42e9baa712db83cebc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 3232218 3d214ccd614a0e5b01947ad1e80d8b08 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 3426116 2e04116680944c93578b332680ca7bdc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 3401474 d5cf8e17da27b3fa089bb1c0c9e1fbb0 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 57866 4fc97d8c25407f09fe75b048ec098a53 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 16915152 35f30bc1fbd2e8d2f2dba1d736d9b5ff http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 281284 19bec646f72897b0f3cbf8c5b8aaf3b2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 15358464 a17684bd39f8e1b26ed9a07a67013152 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 57880 faa093b6cfe9e02212f3f43a4869ecfb http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 57858 de2c1e371896a31b83f7086748c9c534 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 281636 7ef4e16987de43bae1f95e700021ce7f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 1656210 e078af1e2598fb3867022ffe9360463c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 282470 d7e583361d216f95ef19e1321ad284b9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 15370258 500ad82113ee4298ca633b160a9f2b20 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 281094 4bc6bbaafa3ae15402ba876cb66daef7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb Size/MD5 checksum: 1687830 bbcd3b3203db1dc411540c2c09db5290 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_amd64.deb Size/MD5 checksum: 5962194 cf2ab61a56ee4f4eb8e6f5a11b3ee078 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 3415016 c6f108b5e1667d1b5505e214ba348471 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 4592974 ccb57e2f070a3a9c69801508f71b2066 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 57956 11ee055c1f79ee1057021aabbc02a05a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 242788 fbc4c21a40cbb40b2c9ceb107fb903f5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 57998 1f6973b39040b138cb2d3245c38a1b21 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 8876162 27eaabb721027f73f2e593fce8cc25d3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 7929396 8a64112797bf1ea3e42a524e1d2ccfa5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 236722 002bde78d37e5100c337a5ac5f558f3b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 5016396 042ea31fe55ac4a1f59cda4deb21619b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 7573354 01d3a8eb5549856579ce07b7aa51d27e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 207700 f54d3f032a280b4ea81093802e84677c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 203162 2283ab0c3b916a5d1febfeb9a3206265 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb Size/MD5 checksum: 237414 1521d3fb098c42193dd8164091e787df hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 57982 498cc31776ca52785924987b8475c410 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 11004714 da884429c9c84920673f3bde33ed81f8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 10562930 cea0e57b2e92d02f82cbe8824c5bf265 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 11403998 9fb3b63fcb8dfee7b70d568f827e42b6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 202072 e2ac76b0f6ed13782ba148a0bfbaa993 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 200604 7af4ba971a1820457a31d9c6be81b04f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 203106 e5e653be6fe1e554cc0229175002d41e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 3026392 f525ab46801c56f3807415333e2738f6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 57954 3f7597851fb5b00af5a478c7a7ea4fca http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 11814246 46ec6cbaa14d844a4c04eed0a5ecc97e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch4_hppa.deb Size/MD5 checksum: 201928 c4e6a5a5a5871aa8b4c1b4c56f36d93d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16639318 3a3f022a960bf3a533ae4466d59593c7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16596208 b9537994d209c2c36681283929d2343f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 279334 78a9a3b6e0c25efa7c6d375ec3239a75 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16316006 90a4ff2365f3a8d6db271b5395996328 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 279826 59f9787db21d5fde12370dc5b4532c72 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 290060 c02fa416310e6eed8c31078ecda5a7c4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 3238856 c74408a12a32f2e5c667463d2882aa01 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 14376590 9ae2f1317fb7386461b01424fec7d619 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 287268 ca067e4734079188eb4caed8bf12f697 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 1332090 353d8fad0153d2b5347a1aef1d4ea64c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 3232878 ba734c74d4842e493909f98fac600df6 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 57932 ff48905f692086e6fd76871fe07cff89 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 3216410 87bb212fe64e4433052eb08080f3ce8c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 14391130 f165871d0c99d56f8181056aa8d6b258 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 286146 43a2fa642d428e033fc3b23374e10e6f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 287756 149d5dfe24c94c9a3ce3c9cff3cf4031 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16928230 0c98acfc7bfc0ce53717cecb447ea71d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 1304480 0a967e79e6903892ebfd12880c2e1bcf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 285978 6bbf01170971c9a8f76ecf4de5bc12e5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 57942 f06c11f8a4042303e8b679c2bb74eb9e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16463874 0d283f61abfc1f2f24611a5b6434fdcb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 280296 0851f1d12ce31f44d5b3139289fe13eb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 58002 c420bd6512632679d12f84eb643bd153 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 57950 5f038c617159ba6fee7f009814c47ea6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 3119876 46fb19e983c4eb580c0ca4904c620dbe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 287266 c0307417ef9ec40b6c80a0b7d500ab52 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16537476 1653d19107d1cfb2449c142954f4dfda http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb Size/MD5 checksum: 16501886 f97a4864403381ebcae0b1fd2a3e5506 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_i386.deb Size/MD5 checksum: 5510640 0504573999211a53d3f4d2751298a199 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4_i386.deb Size/MD5 checksum: 25604240 7459aa8e287b274c92492234039cc701 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 259432 9c2e1a0b961d6b0b659b8ff985c1eafb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 28195726 dbd96cd8e523c54ba78b71725cdaaa3f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 3086728 3eeca5f5ee087983471c8a293dfa8e69 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 57880 e17da73dd79d04a948197966e5c65e0a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 28022648 bcbe313e636424ed6144d9b40223832b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 57900 7faea93b2ab52a4e62678dfeecd12c14 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch4_ia64.deb Size/MD5 checksum: 259348 dac2da139c602413378dfe588be45f59 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 57928 64d14b0f88818f2d820dc8ca44456d2b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 3354336 a64e901fd034767b3eb6dd8e2e93aa1c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 166788 0a9dae8610e99231bd058e91c63ebe9b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 186564 198280a2d4453aef80fb9bf5dbec2bf4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 8291310 8efea4e1b641cccccb74eb26f3fa3476 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 15631156 274353be61c6892043f5927404f98363 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 6099622 0afaca21729d56fc84e88787b3ce1f75 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 57880 6676b167a4ae486601f6d39d86fc8528 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 154174 83817881e79dd886a0304d872ab298b3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 15660556 83d11d4d8ccc1578ce602219cef24697 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 186346 4dbe7c8ff81821d8023594a08fea857d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 9057858 271140189fe54ae8c40d266ad22c4051 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb Size/MD5 checksum: 163208 4b8ba7697467633dc0eaab58e87813d9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 186210 cf8e8c63368cb17d778ff105a32d97a6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 182242 542bfc88acb915d6a1895207e5c7053d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 57880 4bc6d603a82b33c6b7d5e25ae15c6d91 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 6037856 9d4c290e92053430559195268eb05bf5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 159482 022651f74bf8d12b21671c1e3b9107a7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 9864958 f07455b81817651a1496b324a525a6a0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 154156 c9dde04a01b4244a1db56010c877d123 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 5930722 c8eb0c9e24796ff37b69a7b053387be2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 159434 a2881cd4abb727c9aa4a9160248132fe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 186406 9e8c968109453669e2f9e34d0cc2c9fe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 15074416 39f984bc628733856200768ba81816a9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 57936 9552f93c97750555e7a3f2c47a7458d0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 5951606 af741dd871be26af8f0e04d1a63f4b70 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 15046214 8ff302c317ea6f45ee653afd44a163c7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mipsel.deb Size/MD5 checksum: 3354590 98d6808b346ef7b0d507b64a6621ab78 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 16411244 a7935a4229c5e0d593ab76db93171d1b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 15164116 7d3d8aa85e3a997c404e569b8e30d298 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 3419764 afa126b123f4abfaedaccc1110e62c09 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 3397416 80ef10d492ef827d62e45ed73a2c8fa6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 16634994 bc5dbe11ef983d3fde1dd0224ebc9a5a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 258548 bc0fff5d685fd70c36a70a77631e8fbd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 57926 d6391047097dd9549412389891da39e0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 57888 07fdb1f0ec29f9727805dbac661f586b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 256932 5968ddaba2dd0ffd034aeceeb6b9c5c9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 16975952 adf4fd623c19232d6ae3287a83572ce3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 256004 31b75bd00c901b7a4c4247cfc8b9f428 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 18317366 d41b25f12d7c6d7e3817e41a4cb20baf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 233462 982625815c563debacd2fc5cd43d2399 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 18365532 4a3010ebe14a8cc6f028a656224f74a5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 17015496 1c60889d7646d6a07c193725edb1c6d4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 249654 c37777163eff0bc7f972f100c2f18c16 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 257254 9c153115ad54f92004bf4a6bc2a56e38 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch4_powerpc.deb Size/MD5 checksum: 256740 60992e008fa95164c8776604ac5267b0 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_powerpc.deb Size/MD5 checksum: 3371440 2265c8d13f5f4469050f6a5aadf83780 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 57902 bbfab01d81d99d30e56cc51af3d34604 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 57878 b0a70e581953e81489ea793f4f02b4a2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 149034 d5a92bb19744e05b3edc3c7f77887062 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 2947842 0fe7f591cbc050fa73992b8607365d11 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 5670730 785d3490ebcfab4497d204111a610048 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 148240 31655c0bd8b57737ad495ef7abca9e79 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch4_s390.deb Size/MD5 checksum: 1445382 dca95945efb37647a4207d322f133cfd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch4_s390.deb 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1222-02)以及相应补丁: RHSA-2009:1222-02:Important: kernel security and bug fix update 链接:https://www.redhat.com/support/errata/RHSA-2009-1222.html
    idSSV:12131
    last seen2017-11-19
    modified2009-08-26
    published2009-08-26
    reporterRoot
    titleLinux Kernel udp_sendmsg() MSG_MORE标记本地权限提升漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12191
    last seen2017-11-19
    modified2009-09-03
    published2009-09-03
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12191
    titleLinux Kernel &lt; 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12160
    last seen2017-11-19
    modified2009-09-01
    published2009-09-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12160
    titleLinux Kernel 2.6 &lt; 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12192
    last seen2017-11-19
    modified2009-09-03
    published2009-09-03
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12192
    titleLinux Kernel &lt; 2.6.19 udp_sendmsg Local Root Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:66860
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-66860
    titleLinux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit (x86/x64)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:66851
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-66851
    titleLinux Kernel 2.6 < 2.6.19 - (32bit) ip_append_data() ring0 Root Exploit
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:66861
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-66861
    titleLinux Kernel < 2.6.19 udp_sendmsg Local Root Exploit

Statements

contributorTomas Hoger
lastmodified2009-09-14
organizationRed Hat
statementThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG. Updates for Red Hat Enterprise Linux 3, 4 and 5 to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2698.html